<?php
/*
  $Id: account.php,v 1.61 2003/06/09 23:03:52 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

require('includes/application_top.php');

if (!$account->isRegistered())
{
	$navigation->setSnapshot();
	tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
}

switch ($_HTTP_GET_VARS['view'])
{
	// Edit account information
	case 'edit':
		
		if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process')) {
			if (ACCOUNT_GENDER == 'true') {
				$gender = tep_db_prepare_input($HTTP_POST_VARS['gender']);
			}
			
			$firstname = tep_db_prepare_input($HTTP_POST_VARS['firstname']);
			$lastname = tep_db_prepare_input($HTTP_POST_VARS['lastname']);
			
			if (ACCOUNT_DOB == 'true') {
				$dob = tep_db_prepare_input($HTTP_POST_VARS['dob']);
			}
			
			$email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
			$telephone = tep_db_prepare_input($HTTP_POST_VARS['telephone']);
			$fax = tep_db_prepare_input($HTTP_POST_VARS['fax']);
			$error = false;
			
			if (ACCOUNT_GENDER == 'true') {
				if ( ($gender != 'm') && ($gender != 'f') ) {
					$error = true;
					$messageStack->add('account_edit', ENTRY_GENDER_ERROR);
				}
			}
			
			if (strlen($firstname) < ENTRY_FIRST_NAME_MIN_LENGTH) {
				$error = true;
				$messageStack->add('account_edit', ENTRY_FIRST_NAME_ERROR);
			}
			
			if (strlen($lastname) < ENTRY_LAST_NAME_MIN_LENGTH) {
				$error = true;
				$messageStack->add('account_edit', ENTRY_LAST_NAME_ERROR);
			}
			
			if (ACCOUNT_DOB == 'true') {
				if (!checkdate(substr(tep_date_raw($dob), 4, 2), substr(tep_date_raw($dob), 6, 2), substr(tep_date_raw($dob), 0, 4))) {
					$error = true;
					$messageStack->add('account_edit', ENTRY_DATE_OF_BIRTH_ERROR);
				}
			}
			
			if (strlen($email_address) < ENTRY_EMAIL_ADDRESS_MIN_LENGTH) {
				$error = true;
				$messageStack->add('account_edit', ENTRY_EMAIL_ADDRESS_ERROR);
			}
			
			if (!tep_validate_email($email_address)) {
				$error = true;
				$messageStack->add('account_edit', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
			}
			
			$check_email_query = tep_db_query("select count(*) as total from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "' and customers_id != '" . (int)$customer_id . "'");
			$check_email = tep_db_fetch_array($check_email_query);
			
			if ($check_email['total'] > 0) {
				$error = true;
				$messageStack->add('account_edit', ENTRY_EMAIL_ADDRESS_ERROR_EXISTS);
			}
			
			if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) {
				$error = true;
				$messageStack->add('account_edit', ENTRY_TELEPHONE_NUMBER_ERROR);
			}
			
			if ($error == false) {
				$sql_data_array = array(
					'customers_firstname' => $firstname,
					'customers_lastname' => $lastname,
					'customers_email_address' => $email_address,
					'customers_telephone' => $telephone,
					'customers_fax' => $fax
				);
				
				if (ACCOUNT_GENDER == 'true') {
					$sql_data_array['customers_gender'] = $gender;
				}
				
				if (ACCOUNT_DOB == 'true') {
					$sql_data_array['customers_dob'] = tep_date_raw($dob);
				}
				
				tep_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int)$customer_id . "'");
				tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int)$customer_id . "'");
				
				$sql_data_array = array(
					'entry_firstname' => $firstname,
					'entry_lastname' => $lastname
				);
				
				tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int)$customer_id . "' and address_book_id = '" . (int)$customer_default_address_id . "'");
				
				// reset the session variables
				$customer_first_name = $firstname;
				$messageStack->addSession('account', SUCCESS_ACCOUNT_UPDATED, 'success');
				tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
			}
		}
		
		$account_query = tep_db_query("select customers_gender, customers_firstname, customers_lastname, customers_dob, customers_email_address, customers_telephone, customers_fax from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
		$account = tep_db_fetch_array($account_query);
		
		if (ACCOUNT_GENDER == 'true') {
			if (isset($gender)) {
				$male = ($gender == 'm') ? true : false;
			} else {
				$male = ($account['customers_gender'] == 'm') ? true : false;
			}
			$female = !$male;
		}
		
		$theme->assign('male', $male);
		$theme->assign('female', $female);
		$theme->assign('account', $account);
		$template = 'account_edit.tpl';
		break;
	
	// Account history
	case 'history':
		$template = 'account_history.tpl';
		break;
	
	// Account history info
		case 'history_info':
		
		if (!isset($HTTP_GET_VARS['order_id']) || (isset($HTTP_GET_VARS['order_id']) && !is_numeric($HTTP_GET_VARS['order_id']))) {
			tep_redirect(tep_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL'));
		}
		
		$customer_info_query = tep_db_query("select customers_id from " . TABLE_ORDERS . " where orders_id = '". (int)$HTTP_GET_VARS['order_id'] . "'");
		$customer_info = tep_db_fetch_array($customer_info_query);
		
		if ($customer_info['customers_id'] != $customer_id) {
			tep_redirect(tep_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL'));
		}
		
		require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ACCOUNT_HISTORY_INFO);
		require(DIR_WS_CLASSES . 'order.php');
		
		$order = new order($HTTP_GET_VARS['order_id']);
		
		$statuses_query = tep_db_query("select os.orders_status_name, osh.date_added, osh.comments from " . TABLE_ORDERS_STATUS . " os, " . TABLE_ORDERS_STATUS_HISTORY . " osh where osh.orders_id = '" . (int)$HTTP_GET_VARS['order_id'] . "' and osh.orders_status_id = os.orders_status_id and os.language_id = '" . (int)$languages_id . "' order by osh.date_added");
		$statuses_array = array();
		
		while ($statuses = tep_db_fetch_array($statuses_query)) {
			$statuses_array[] = $statuses;
		}
		
		$theme->assign('order', $order);
		$theme->assign('statuses', $statuses_array);
		$template = 'account_history_info.tpl';
		break;
	
	// Account newsletters
	// TODO: Remove this - it is to be implemented as a plugin!
	case 'newsletters':
		echo 'This functionality to be replaced by some form of plugin';
		exit(0);
		$template = 'account_newsletters.tpl';
		break;
	
	// Account notifications
	case 'notifications':
		$global_query = tep_db_query("select global_product_notifications from " . TABLE_CUSTOMERS_INFO . " where customers_info_id = '" . (int)$customer_id . "'");
		$global = tep_db_fetch_array($global_query);
		
		if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process')) {
			if (isset($HTTP_POST_VARS['product_global']) && is_numeric($HTTP_POST_VARS['product_global'])) {
				$product_global = tep_db_prepare_input($HTTP_POST_VARS['product_global']);
			} else {
				$product_global = '0';
			}
			
			(array)$products = $HTTP_POST_VARS['products'];
			
			if ($product_global != $global['global_product_notifications']) {
				$product_global = (($global['global_product_notifications'] == '1') ? '0' : '1');
				
				tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set global_product_notifications = '" . (int)$product_global . "' where customers_info_id = '" . (int)$customer_id . "'");
			} elseif (sizeof($products) > 0) {
				$products_parsed = array();
				
				for ($i=0, $n=sizeof($products); $i<$n; $i++) {
					if (is_numeric($products[$i])) {
						$products_parsed[] = $products[$i];
					}
				}
				
				if (sizeof($products_parsed) > 0) {
					$check_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_NOTIFICATIONS . " where customers_id = '" . (int)$customer_id . "' and products_id not in (" . implode(',', $products_parsed) . ")");
					$check = tep_db_fetch_array($check_query);
					
					if ($check['total'] > 0) {
						tep_db_query("delete from " . TABLE_PRODUCTS_NOTIFICATIONS . " where customers_id = '" . (int)$customer_id . "' and products_id not in (" . implode(',', $products_parsed) . ")");
					}
				}
			} else {
				$check_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_NOTIFICATIONS . " where customers_id = '" . (int)$customer_id . "'");
				$check = tep_db_fetch_array($check_query);
				
				if ($check['total'] > 0) {
					tep_db_query("delete from " . TABLE_PRODUCTS_NOTIFICATIONS . " where customers_id = '" . (int)$customer_id . "'");
				}
			}
			
			$messageStack->addSession('account', SUCCESS_NOTIFICATIONS_UPDATED, 'success');
			
			tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
		}
		
		$products_check_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_NOTIFICATIONS . " where customers_id = '" . (int)$customer_id . "'");
		$products_check = tep_db_fetch_array($products_check_query);
		$products_array = array();
		
		if ($products_check['total'] > 0) {
			$counter = 0;
			$products_query = tep_db_query("select pd.products_id, pd.products_name from " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS_NOTIFICATIONS . " pn where pn.customers_id = '" . (int)$customer_id . "' and pn.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' order by pd.products_name");
			
			while ($products = tep_db_fetch_array($products_query)) {
				$products_array[] = $products;
			}
		}
		
		$theme->assign('global', $global);
		$theme->assign('products', $products_array);
		$template = 'account_notifications.tpl';
		break;
	
	// Change the account password
	case 'password':
		
		// TODO: Change from 'process' to 'change_password'
		if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process')) {
			// TODO: Much of this should, perhaps be moved to an Account object
			// eg: $account->changePassword($current, $new, $confirm);
			// Returns boolean?
			// We can probably fine-tune the error message if it fails.
			
			$password_current = tep_db_prepare_input($HTTP_POST_VARS['password_current']);
			$password_new = tep_db_prepare_input($HTTP_POST_VARS['password_new']);
			$password_confirmation = tep_db_prepare_input($HTTP_POST_VARS['password_confirmation']);
			
			$error = false;
			
			if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
				$error = true;
				$messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
			} elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
				$error = true;
				$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
			} elseif ($password_new != $password_confirmation) {
				$error = true;
				$messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
			}
			
			if ($error == false) {
				$check_customer_query = tep_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
				$check_customer = tep_db_fetch_array($check_customer_query);
				
				if (tep_validate_password($password_current, $check_customer['customers_password'])) {
					tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '" . tep_encrypt_password($password_new) . "' where customers_id = '" . (int)$customer_id . "'");
					
					tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int)$customer_id . "'");
					
					$messageStack->addSession('account', SUCCESS_PASSWORD_UPDATED, 'success');
					
					tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
				} else {
					$error = true;
					$messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
				}
			}
		}
		
		$template = 'account_password.tpl';
		break;
	
	// If we get this far, display the default page.
	default:
		$orders_query = tep_db_query("select o.orders_id, o.date_purchased, o.delivery_name, o.delivery_country, o.billing_name, o.billing_country, ot.text as order_total, s.orders_status_name from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_TOTAL . " ot, " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . (int)$customer_id . "' and o.orders_id = ot.orders_id and ot.class = 'ot_total' and o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' order by orders_id desc limit 3");
		$orders_array = array();
		
		while ($orders = tep_db_fetch_array($orders_query)) {
			if (tep_not_null($orders['delivery_name'])) {
				$order_name = $orders['delivery_name'];
				$order_country = $orders['delivery_country'];
			} else {
				$order_name = $orders['billing_name'];
				$order_country = $orders['billing_country'];
			}
			
			$orders_array[] = $orders;
		}
		
		$template = 'account.tpl';
		break;
}

$theme->display($template);

require(DIR_WS_INCLUDES . 'application_bottom.php');

?>
